<?php
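session_start();

$_SESSION["errmsg"] = '';
require_once '../include/config.lib.php';
require_once '../include/database.lib.php';
require_once '../include/PHPMailer/class.phpmailer.php';

// Password-reset handler: looks up the account by username + e-mail, generates
// a new password, e-mails it to the account holder, stores its hash and sends
// the browser back to the form with a status message in the session.
//
// NOTE(review): this flow replaces the password for anyone who submits a
// matching username/e-mail pair and delivers the new password by e-mail.
// A single-use, expiring reset link plus request throttling would prevent
// unrequested resets and keep passwords out of mailboxes.

ConnectToDB(); // Connect to the DB.

// Accept only plain string fields; a missing or array-valued field is treated as empty.
$accountNo = (isset($_POST["accountNo"]) && is_string($_POST["accountNo"])) ? $_POST["accountNo"] : '';
$email     = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : '';

$authentication = null;
if ($accountNo !== '' && $email !== '')
{
	// Parameterized query: the submitted values are bound, never concatenated into SQL.
	$forgetReq = DBExecute("SELECT USERNAME, ID, NAME FROM person WHERE username = ? AND email = ?", array($accountNo, $email));
	$authentication = $forgetReq->fetchAssocRow();
}

if (empty($authentication) || $authentication["ID"] == null)
{
	// No row matches the submitted user name / e-mail pair.
	$_SESSION["errmsg"] = "Wrong user name or email!";
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url=../forgetpassword.php\"></HTML>";//redirect to the previous page
}
else
{
	$mail        = new PHPMailer();
	$newpassword = createRandomPassword();

	// The user name comes from the database and ends up in an HTML mail body,
	// so it is escaped. The new password is never written to the HTTP response:
	// it must reach only the mailbox on record, not whoever submitted the form.
	$body = "Your username: " . htmlspecialchars($authentication["USERNAME"], ENT_QUOTES, 'UTF-8') . "\n" . "Your new password: " . $newpassword;

	// NOTE(review): unsalted SHA-1 is kept only because the login check (not
	// visible here) presumably compares against this format. Migrate storage
	// and verification together to password_hash() / password_verify().
	$tostore = strtoupper(SHA1($newpassword));

	$mail->IsSMTP();                           // telling the class to use SMTP
	$mail->SMTPDebug  = 0;                     // debug output off: the SMTP dialogue must not be echoed into the page
	$mail->SMTPAuth   = true;                  // enable SMTP authentication
	$mail->SMTPSecure = "tls";                 // sets the prefix to the server
	$mail->Host       = "smtp.gmail.com";      // sets GMAIL as the SMTP server
	$mail->Port       = 587;                   // set the SMTP port for the GMAIL server
	// NOTE(review): these SMTP credentials are committed in source. Rotate them
	// and load them from configuration kept outside version control.
	$mail->Username   = "coraladmn@gmail.com";  // GMAIL username
	$mail->Password   = "fab4coral";            // GMAIL password

	$mail->SetFrom('coraladmn@gmail.com', 'CoRAL');

	$mail->Subject    = "Your new password on CoRAL";

	$mail->MsgHTML($body);

	$mail->AddAddress($email, $authentication["NAME"]);

	if (!$mail->Send()) {
		// Keep the detail in the server log; the user only sees a generic message.
		error_log('Password reset mail failed: ' . $mail->ErrorInfo);
		$_SESSION["errmsg"] = 'Sorry, Internal Error!';
	} else {
		// Store the new hash only after the mail was accepted, so a delivery
		// failure does not leave the account with a password nobody received.
		DBExecute("UPDATE person SET PASSWORD = ? WHERE ID = ?", array($tostore, $authentication["ID"]));
		$_SESSION["errmsg"] = 'Your new password has been sent!';
	}
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url=../forgetpassword.php\"></HTML>";//redirect to the previous page

}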


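/**
 * Generate a new 8-character password.
 *
 * The letter l (lowercase L) and the number 1 are left out of the
 * alphabet, as they can be mistaken for each other.
 *
 * Characters are drawn with random_int() (PHP 7.0+), which uses the
 * operating system's CSPRNG. The previous srand(microtime())/rand()
 * sequence was seeded from the clock and therefore predictable, and
 * "rand() % 33" could never select the last character of the alphabet.
 *
 * @return string Eight characters from [a-km-z02-9].
 * @throws Exception When no secure randomness source is available.
 */
function createRandomPassword()
{
    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    // Derive the upper bound from the alphabet so every character is reachable.
    $lastIndex = strlen($chars) - 1;
    $pass = '';

    for ($i = 0; $i < 8; $i++) {
        // random_int() is uniform over the inclusive range, so no modulo bias.
        $pass .= $chars[random_int(0, $lastIndex)];
    }

    return $pass;
}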
?>